Project 23: Sniffing with ettercap on Ubuntu Linux Worth 15 Points
Start Your Ubuntu Virtual Machine
1. Start your Ubuntu machine and log in as usual.
Installing ettercap
2. From the menu bar in the upper left corner of the Ubuntu desktop, click Applications, Add/Remove.
3. In the Add/Remove Applications box, in the Search field, enter ettercap and press the Enter key.
4. When the ettercap application appears, as shown below on this page, check the check box in the Application pane. In the “Apply the following changes?” box, click Apply. Enter your password when you are prompted to. Wait while software downloads and installs.
5. When you see a Changes applied box saying that the changes were successful, click Close.
Starting ettercap
6. From the Ubuntu menu bar, click Applications, Accessories, Terminal.
7. In the terminal window, enter this command, then press the Enter key:
ettercap --help
A long list of options appears, as shown to the right on this page.
8. In the terminal window, enter this command, then press the Enter key:
sudo ettercap –Tq -d
Enter your password when you are prompted to. This command starts ettercap in text mode, with DNS resolution of IP addresses. There are several lines of introductory information, as shown to the right on this page, followed by the message “Text only Interface activated…”. This window is now sniffing all network traffic to find passwords.
Logging in to hills.ccsf.edu with Firefox from Ubuntu
9. Leave the Terminal window open.
10. From the menu bar in the upper left corner of the Ubuntu desktop, click Applications, Internet, Firefox Web Browser.
11. Type in the address hills.ccsf.edu/mail and press the Enter key. Enter your name into the Username field. Do NOT put your real password into the password field, whatever you do! Everyone in the room can see your password. Put in a password of FromUbuntu and press the Enter key.
12. When a box pops up asking whether you want Firefox to remember this password, click “Not now”. After a few seconds, you will see a message saying Username/Password Failure.
13. Close or minimize the Firefox window. The ettercap window should now show the name and password you typed in.
Logging in to hills.ccsf.edu with Firefox from Windows
14. Leave the Terminal window open.
15. Go to a Windows machine. You could use your host system, or any computer in the room.
16. On the Windows machine, open a Web browser and go to hills.ccsf.edu/mail
17. Enter your name into the Username field. Put in a password of FromWindows and press the Enter key.
18. When a box pops up asking whether you want the browser to remember this password, click “Not now”. After a few seconds, you will see a message saying Username/Password Failure.
19. Look at your Ubuntu machine now. The ettercap window should now show both names and passwords, as shown below on this page.
Saving the Screen Image
20. Make sure the two passwords FromUbuntu and FromWindows are visible, as shown above on this page.
21. Press Ctrl+Alt to release the mouse, and click on the host Windows XP desktop. Press the PrntScn key to copy whole screen to the clipboard.
22. On the host Windows XP desktop, open Paint and paste in the image. Save it as a JPEG, with the filename YourNameProj23a.
Setting up a File Share on a Windows Machine
23. Start a Windows XP virtual machine. You can use the same host machine you are running Ubuntu on, or any other host computer on the LAN. Log in as usual.
24. Click Start, My Computer. In the My Computer window, click Tools, Folder Options. In the Folder Options box, click the View tab. Scroll to the bottom of the list and make sure the Use simple file sharing (recommended) box is checked, as shown to the right on this page. Click the OK button.
25. Right-click the desktop and select New, Folder. Name the new folder YourNameShare. Don’t use the literal text “YourName”—instead use your own name.
26. Right-click the YourNameShare folder and click Sharing and Security.
27. If you see a window like the figure below on this page, click the lower blue text saying “If you understand the security risks, but want to share files without running the wizard, click here.” If you don’t see that box, that’s OK, just proceed to the next step.
28. In the YourNameShare Properties box, click the Share this folder button, as shown to the right on this page. Click the OK button. This machine is now a file server.
29. Find the IP address of your Windows machine and write it in the box to the right on this page. (Your IP address should be on your desktop, but if it isn’t, click Start, Run, enter CMD, press Enter, and enter the IPCONFIG command to get it.).
Connecting to the File Share From a Different Windows Machine
30. Go to a different Windows machine, such as the host Windows XP system. Click Start, Run. In the Run box, enter two backslashes and the IP address you wrote in the box above, as shown to the right on this page. Don’t use the exact address shown in the figure—use the IP address of your own Windows XP file server. Press the Enter key.
31. If a Connect to box appears, as shown below on this page, just click Cancel.
32. Look at your Ubuntu machine now. The ettercap window should one or more password hashes, as shown below on this page. It’s possible to crack these hashes, but it can be difficult. You need to use a tool like John the Ripper, which we will use in a later project.
33. If you don’t see any hashes, try opening any local network share from any computer. The simplest way to do it in S214 is to go to any host Windows XP machine, click Start, Run and enter \\192.168.1.3
Saving the Screen Image
34. Make sure the password HASH is visible, as shown above on this page.
35. Press Ctrl+Alt to release the mouse, and click on the host Windows XP desktop. Press the PrntScn key to copy whole screen to the clipboard.
36. On the host Windows XP desktop, open Paint and paste in the image. Save it as a JPEG, with the filename YourNameProj23b.
Turning in your Project
37. Email the JPEG image to me as an attachment. Send the message to with a subject line of Proj 23 From Your Name. Send a Cc to yourself.
Last modified 3-17-07
CNIT 235 - Bowne Page 5 of 6